eduGAIN:Privacy policy

Summaries of recent edits

No edit summary defined.

From eduGAIN Wiki

Jump to: navigation, search
Name of the service eduGAIN Wiki
Description of the service Provides recommendations and instructions on how to eduGAIN-enable a web service.
Data controller and a contact person GEANT Project contact via Server operated by PSNC, Poland.
Jurisdiction PL Poland Poznan.
Personal data processed 1. For all users
  • IP address
  • Referrer address (the web page a user is coming from)

2. Only for authenticated users

  • A. Data provided by user's Home Organisation upon login:
    • User identifier (Mandatory)
      Attribute like eduPersonPrincipalName or SAML persistent ID/eduPersonTargetedID. eduPersonPrincipalName is preferred.
    • Email (Optional)
      Needed if the user wants to be notified when a wiki page is changed by somebody. If available as an identity attribute, this value is overwritten on each login.
    • Name (Optional)
      Real name of the user. Either given name plus surname or a display name. The displayName attribute is preferred. If available as an identity attribute, this value is overwritten on each login.
  • B. Data supplied by the user himself:
    • All content a user adds/modifies/removes on wiki pages
    • Personal preferences to customize the wiki

Some of the above attributes are redundant (e.g. display name and given name plus surname). The reason for requesting them even though they contain the same information, is that it is technically not possible to declare that either display name or given name plus surname is sent by an organisation.

Purpose of the processing of personal data The IP and referrer addresses of all web page visitors are stored in the web server log file for statistical purposes (e.g. to find out from which countries users are accessing the wiki) and for accountability (e.g. in case of misuse of the wiki).
For authenticated users, the eduGAIN wiki receives the personal data mentioned-above Home Organisation. This personal data is used to identify users (who applied which changes to which page), for access control (e.g. only authenticated users can edit wiki pages), for customization (personal preferences) and to (optionally on request) notify users in case a wiki page changed.
Third parties to whom personal data is disclosed No raw data will be released to third parties outside the GEANT project. Aggregated and anonymized data (e.g. how many visitors the wiki had last year) may be published.
Authenticated users editing wiki pages must be aware that their name and potentially email address are visible to other users of the wiki.
Personal data might be used within the European GEANT project and the participating organisations (research and education networks).
How to access, rectify and delete the personal data Contact
To rectify the data released by a Home Organisation, contact that Home Organisation's IT helpdesk.
Data retention Personal data is deleted on request of the user or if the user hasn't used the service for ten years. Deleted in this context means renamed as the Wiki system does not allow deleting user accounts without damaging the database. Therefore, personal data will be anonymized, which has the same effect as deletion.
Log files containing IP addresse and Referrer are deleted automatically after one year.
Data Protection Code of Conduct Personal data will be protected according to the Code of Conduct for Service Providers, a common standard for the research and higher education sector to protect the user's privacy.


Wanted articles
Who is online?